Zoom-Bombing and Cyber-Hacking: Here's How to Protect Yourself
Your hands aren't the only thing you need to keep clean during the coronavirus pandemic.
By Elizabeth Nelson
When the coronavirus (COVID-19) first began its rampage across our world, one of the first
things to happen was that people suddenly became hyper-aware of their personal hygiene. “Wash
your hands!” is the rallying cry of this pandemic, as we all strive to avoid becoming sick or
unwittingly spreading the virus.
But now that many of us are working, teaching, and attending classes from home, another kind of
hygiene has become extremely important as well: cyber hygiene. Following best practices to keep
our home computers up-to-date and secure will ensure that we’re able to continue with our work
and educational obligations for the duration of the stay-at-home order.
Touro Graduate School of Technology professors and cybersecurity experts Behrooz Khorsandi and
Yosef Lehrman are on the front lines when it comes to the technical side of this crisis; we
spoke to them about how we can protect ourselves from becoming victims of cyber-hacking,
Zoom-bombing, and other online hazards.
Controlling access
“Someone was presenting his PhD thesis a couple of weeks ago on Zoom, and apparently a ‘Zoom
bomb’ was issued, which caused his session to be compromised,” says Khorsandi. “It was a very
embarrassing moment for this individual, in front of his professors and other faculty members,”
said Khorsandi.
One way to keep your Zoom meetings secure, says Lehrman, is to make sure you never post the link
in a public forum. “Anyone who has the link can access the conference,” he explains. “Obviously,
this poses a problem.” He recommends posting meeting links only in controlled environments, as
opposed to social media feeds or public web pages.
Another thing people can do is make their Zoom meetings password-protected. “This is a mechanism
to control who has access to the online forum,” says Lehrman. Guests are sent to a Zoom “waiting
room” until the host lets them into the meeting (or classroom). Once in the meeting, guests
should not be allowed to share their screens. “Screen-sharing should be limited to the host or
instructor,” says Lehrman.
Putting a policy in place
Khorsandi and Lehrman emphasize that there will always be a trade-off when it comes to security
and user-friendliness. “How easy do you want to make it for students or employees to access
meetings and material, in light of the possible implications of compromise?” asks Khorsandi. “If
it’s too difficult for the users, they’ll figure out a way around security restrictions.”
The answer to the accessibility/security conundrum, Khorsandi and Lehrman believe, lies in
having a solid telework or distance learning policy in place. “I would make the policy number
one, before anything else can be done,'' says Khorsandi. “Employees, instructors, and students
need to know the agreed-upon policy by the organization or institution.” He suggests an email or
short training session to go over the policy and make sure people understand the importance of
information security. “The key idea is communication in regards to policies—what's permitted and
what's not.”